Abstract
Static code analysis tools (code checkers) scan source programs and issue warnings to potentially-problematic parts. Programmers can utilize a code checker whenever they change their source code to make sure that their code changes do not carry high risks of decreasing the code quality. Although code checkers would be helpful to detect risky code changes as early as possible, there is a practical problem which prevents an active utilization of such tools in the real: code checkers tend to produce a lot of false-positive warnings, i.e., such a tool outputs many warnings, but the majority of them are not attractive to the programmer. Toward an efficient utilization of code checkers, this paper proposes an application of the survival analysis method to prioritize code checker warnings. The proposed method estimates a warning’s lifetime with using the real trend of warnings through code changes; the brevity of warning means its importance because severe warnings are related to problematic parts which programmers would fix sooner. This paper conducts a large-scale case study of 6,927,432 warnings (259 types of warnings) appeared in 100 open source software projects. The results show that only 30 types of warnings are practically important for programmers in terms of the brevity, and the proposed method can drastically reduce the number of really needed warnings.
This is a preview of subscription content, log in via an institution.
Buying options
Tax calculation will be finalised at checkout
Purchases are for personal use only
Learn about institutional subscriptionsNotes
- 1.
- 2.
- 3.
FindBugs was one of the popular tools, but it is not supported now. SpotBugs is the successor of FindBugs.
- 4.
- 5.
OS: Linux 3.10.0, Java: OpenJDK 1.8.0_201, CPU: Intel Core i5 3.2GHz, Memory: 16GB.
- 6.
Its file path is src/main/java/io/reactivex/internal/operators/flowable/FlowableRepeatWhen.java.
- 7.
The ranking was as of July 17, 2018.
- 8.
We excluded a source file if its name ends with “Test.java” or its path includes “test,” “demo,” “sample,” “example,” or “template.”
- 9.
They are the same as the example in Sect. 3.1.
- 10.
These are also required to estimate the hazard in the KM method.
References
Jones, C.: Applied Software Measurement: Global Analysis of Productivity and Quality, 3rd edn. McGraw-Hill, New York (2008)
Li, Y., Li, D., Huang, F., Lee, S.Y., Ai, J.: An exploratory analysis on software developers’ bug-introducing tendency over time. In: Proceedings of the 2016 International Conference on Software Analysis, Testing and Evolution, Yunnan, China, pp. 12–17, 3–4 Nov 2016. https://doi.org/10.1109/SATE.2016.9
Parnas, D.L.: Software aging. In: Proceedings of the 16th International Conference on Software Engineering, Sorrento, Italy, pp. 279–287, 16–21 May 1994
Cunningham, W.: The WyCash portfolio management system. ACM SIGPLAN OOPS Messenger 4(2), 29–30 (1993). https://doi.org/10.1145/157710.157715
Brown, N., Cai, Y., Guo, Y., Kazman, R., Kim, M., Kruchten, P., Lim, E., MacCormack, A., Nord, R., Ozkaya, I., Sangwan, R., Seaman, C., Sullivan, K., Zazworka, N.: Managing technical debt in software-reliant systems. In: Proceedings of the FSE/SDP Workshop on Future of Software Engineering Research, Santa Fe, New Mexico, pp. 47–52, 7–8 Nov 2010. https://doi.org/10.1145/1882362.1882373
Tufano, M., Palomba, F., Bavota, G., Oliveto, R., Penta, M.D., Lucia, A.D., Poshyvanyk, D.: When and why your code starts to smell bad (and whether the smells go away). IEEE Trans. Softw. Eng. 43(11), 1063–1088 (2017). https://doi.org/10.1109/TSE.2017.2653105
Muske, T.B., Baid, A., Sanas, T.: Review efforts reduction by partitioning of static analysis warnings. In: Proceedings of the 2013 IEEE 13th International Working Conference on Source Code Analysis and Manipulation, Eindhoven, Netherlands, pp. 106–115, 22–23 Sept 2013
Johnson, B., Song, Y., Murphy-Hill, E., Bowdidge, R.: Why don’t software developers use static analysis tools to find bugs?. In: Proceedings of the 2013 International Conference on Software Engineering, San Francisco, CA, pp. 672–681, 18–26 May 2013
Aggarwal, A., Jalote, P.: Integrating static and dynamic analysis for detecting vulnerabilities. In: Proceedings of the 30th Annual International Computer Software and Applications Conference, Chicago, Illinois, pp. 343–350, 17–21 Sept 2006. https://doi.org/10.1109/COMPSAC.2006.55
Hanam, Q., Tan, L., Holmes, R., Lam, P.: Finding patterns in static analysis alerts: improving actionable alert ranking. In: Proceedings of the 11th Working Conference on Mining Software Repositories, Hyderabad, India, pp. 152–161, 31 May–1 June 2014. https://doi.org/10.1145/2597073.2597100
Wang, S., Chollak, D., Movshovitz-Attias, D., Tan, L.: Bugram: bug detection with N-gram language model. In: Proceedings of the 31st IEEE/ACM International Conference on Automated Software Engineering, Singapore, pp. 708–719, 3–7 Sept 2016. https://doi.org/10.1145/2970276.2970341
Burhandenny, A.E., Aman, H., Kawahara, M.: Examination of coding violations focusing on their change patterns over releases. In: Proceedings of the 23rd Asia-Pacific Software Engineering Conference, Hamilton, New Zealand, pp. 121–128, 6–9 Dec 2016. https://doi.org/10.1109/APSEC.2016.027
Shen, H., Fang, J., Zhao, J.: EFindBugs: effective error ranking for FindBugs. In: Proceedings of the 4th IEEE International Conference on Software Testing, Verification and Validation, Berlin, pp. 299–308, 21–25 Mar 2011. https://doi.org/10.1109/ICST.2011.51
Sadowski, C., Gogh, J.V., Jaspan, C., Söderberg, E., Winter, C.: Tricorder: building a program analysis ecosystem. In: Proceedings of the 37th International Conference on Software Engineering, Florence, Italy, pp. 598–608, 16–24 May 2015
Rupert, J., Miller, G.: Survival Analysis. Wiley, Hoboken, New Jersey (2011)
Kaplan, E.L., Meier, P.: Nonparametric estimation from incomplete observations. J. Am. Stat. Assoc. 53(282), 457–481 (1958). https://doi.org/10.1080/01621459.1958.10501452
Cormen, T.H., Leiserson, C.E., Rivest, R.L., Stein, C.: Introduction to Algorithms, 3rd edn. MIT Press, Cambridge, MA (2009)
Sakoe, H., Chiba, S.: Dynamic programming algorithm optimization for spoken word recognition. IEEE Trans. Acoust. Speech Signal Process. 26(1), 43–49 (1978). https://doi.org/10.1109/TASSP.1978.1163055
Acknowledgements
This work was supported by JSPS KAKENHI #16K00099 and #18K11246. The authors would like to thank the anonymous reviewers for their helpful comments.
Author information
Authors and Affiliations
Corresponding author
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2020 Springer Nature Switzerland AG
About this chapter
Cite this chapter
Aman, H., Amasaki, S., Yokogawa, T., Kawahara, M. (2020). A Survival Analysis-Based Prioritization of Code Checker Warning: A Case Study Using PMD. In: Lee, R. (eds) Big Data, Cloud Computing, and Data Science Engineering. BCD 2019. Studies in Computational Intelligence, vol 844. Springer, Cham. https://doi.org/10.1007/978-3-030-24405-7_5
Download citation
DOI: https://doi.org/10.1007/978-3-030-24405-7_5
Published:
Publisher Name: Springer, Cham
Print ISBN: 978-3-030-24404-0
Online ISBN: 978-3-030-24405-7
eBook Packages: Intelligent Technologies and RoboticsIntelligent Technologies and Robotics (R0)